A lattice model of secure information flow
Communications of the ACM
Beos: Porting UNIX Applications
Beos: Porting UNIX Applications
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Implicit Flows: Can't Live with `Em, Can't Live without `Em
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Proceedings of the 13th international conference on Security protocols
Privacy in Context: Technology, Policy, and the Integrity of Social Life
Privacy in Context: Technology, Policy, and the Integrity of Social Life
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Privad: practical privacy in online advertising
Proceedings of the 8th USENIX conference on Networked systems design and implementation
The effectiveness of application permissions
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
RePriv: Re-imagining Content Personalization and In-browser Privacy
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Cells: a virtual mobile smartphone architecture
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
A survey of mobile malware in the wild
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
MobiCon: a mobile context-monitoring platform
Communications of the ACM
TreasurePhone: context-sensitive user data protection on mobile phones
Pervasive'10 Proceedings of the 8th international conference on Pervasive Computing
User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
πBox: a platform for privacy-preserving apps
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Users today are unable to use the rich collection of third-party untrusted applications without risking significant privacy leaks. In this paper, we argue that current and proposed applications and data-centric security policies do not map well to users' expectations of privacy. In the eyes of a user, applications and peripheral devices exist merely to provide functionality and should have no place in controlling privacy. Moreover, most users cannot handle intricate security policies dealing with system concepts such as labeling of data, application permissions and virtual machines. Not only are current policies impenetrable to most users, they also lead to security problems such as privilege-escalation attacks and implicit information leaks. Our key insight is that users naturally associate data with real-world events, and want to control access at the level of human contacts. We introduce Bubbles, a context-centric security system that explicitly captures user's privacy desires by allowing human contact lists to control access to data clustered by real-world events. Bubbles infers information-flow rules from these simple context-centric access-control rules to enable secure use of untrusted applications on users' data. We also introduce a new programming model for untrusted applications that allows them to be functional while still upholding the users' privacy policies. We evaluate the model's usability by porting an existing medical application and writing a calendar app from scratch. Finally, we show the design of our system prototype running on Android that uses bubbles to automatically infer all dangerous permissions without any user intervention. Bubbles prevents Android-style permission escalation attacks without requiring users to specify complex information flow rules.